[Juser] "Invalid CA certificate" for jabber.org?

Peter Saint-Andre stpeter at jabber.org
Fri Feb 18 15:57:59 CST 2005


On Fri, Feb 18, 2005 at 10:37:42PM +0100, Matthias Wimmer wrote:
> Hi Peter!
> 
> Peter Saint-Andre wrote on 2005-02-18 15:27:14:
> > It is not purely client-side -- the Psi developers require the server
> > admin to place some special file in a special format on the server,
> > because Psi does not read PEM-encoded certs, but the special Psi XML
> > format. And to the jabber.org server admins, that seems like a bad idea.
> 
> I don't think this is the case. The certificate is exchanged in the TLS
> handshake. The special encoded file format is only used by Psi to store
> the certificates of the root authorities ...
> 
> It might be possible that a server admin stores the special Psi CA file
> on the server if it uses its own certification authority, but it isn't
> needed.
> 
> If the right certificate has been added to the Psi CA store, it might
> be that an intermediate certificate has been used to sign the
> certificate of jabber.org and this certificate is not sent to the client
> (in the TLS handshake). In that case jabber.org's client connection
> manager would have to send the intermediate certificate together with
> its own certificate while establishing the TLS layer. A special XML
> format won't be required in that case either.

Ah, OK. I'll follow up on that with the jabber.org admin team.

/psa
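
The missing-intermediate case described in the quoted reply can be reproduced offline. This is an added example, not part of the original message: it assumes the `openssl` command-line tool, builds a constructed root, intermediate and leaf (all subject names are made up), and validates the leaf against a trust store that holds only the root, first without and then with the intermediate supplied the way a server would send it in the handshake.

```bash
#!/usr/bin/env bash
# Constructed PKI for this demo: root CA -> intermediate CA -> server leaf.
# Subject names are made up; this is not jabber.org's real chain.

# build_pki DIR: create root.pem, int.pem and leaf.pem inside DIR.
build_pki() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n.example.test" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Root is self-signed; it is the only certificate the client trusts.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate is signed by the root, leaf by the intermediate.
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null || return 1
}

# verify_leaf DIR [SENT_CHAIN]: validate leaf.pem with only root.pem trusted.
# SENT_CHAIN stands for extra certificates the server presents in the
# handshake; they are untrusted and only help the client build the path.
verify_leaf() {
  d=$1; sent=${2:-}
  if [ -n "$sent" ]; then
    out=$(openssl verify -CAfile "$d/root.pem" -untrusted "$sent" "$d/leaf.pem" 2>&1) || true
  else
    out=$(openssl verify -CAfile "$d/root.pem" "$d/leaf.pem" 2>&1) || true
  fi
  case $out in *": OK"*) echo ok ;; *) echo fail ;; esac
}

demo() {
  d=$(mktemp -d) || return 1
  build_pki "$d" || { rm -rf "$d"; return 1; }
  echo "server sends leaf only:           $(verify_leaf "$d")"
  echo "server sends leaf + intermediate: $(verify_leaf "$d" "$d/int.pem")"
  rm -rf "$d"
}

demo
```

The first check fails with the root correctly installed on the client, which is the symptom the thread is about; no client-specific file on the server is involved in either result.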



